A zero-day vulnerability in Microsoft Word is being used in specific, targeted attacks. The flaw is being exploited to deliver a rootkit-type backdoor that performs reconnaissance on an infected machine and reports back to a server in China.

Our friends at the SANS ISC (Internet Storm Center) said in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC incident handler tracking the attack.